Encrypted Search compromising security and cryptographic protection

Encrypted Search does not weaken the strength of Virtru’s symmetric encryption or give Virtru access to unencrypted content. It is an extra step added on top of the AES-256 symmetric encryption used to encrypt the message as a whole.

At a high level, the output of Virtru’s Encrypted Search has stronger security properties than Tokenization, so, if Tokenization is appropriate for use in your context, then Virtru’s Encrypted Search likely is, too. However, like tokenization, enabling Encrypted Search may allow a third party to infer relationships between messages.

For setup of up searchable content, Virtru will authorize only specific users to obtain search keys. These are keys that enable your users to both create and search content. Loss of these keys must be protected against, as loss of these keys may result in other users interrogating encrypted content determining whether an encrypted object is likely to contain a particular keyword. This process would NOT reveal the word’s position in the content, and it is NOT guaranteed that the word actually appears, since the algorithm has a built-in false positive to mitigate this kind of attack.

On query, cloud providers or other adversaries may associate each search token to all documents that match the token. Whenever a user searches for the same keywords, an adversary can infer the frequency of the search. When searching for both plaintext and encrypted content in the same session, it can imply an association between the encrypted tokens and the plaintext words.